NSA Foils Much Internet Encryption

An anonymous reader writes "The New York Times is reporting that the NSA has 'has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show. ... The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.'" You may prefer Pro Publica's non-paywalled version, instead, or The Guardian's.

SSH?

[Phibz]

I wonder if their list includes SSH

Uh... okay

[cryptizard]

I believe the "working with industries to install backdoors" part, but the cracking internet standards encryption? Nope. The report doesn't even say what they are supposed to have cracked, only some nebulous "widely used internet encryption". Do they have a ton of computation power? Yes. Do they have some magical break on AES that no one in academia knows about or can even fathom? No. Just some FUD.

And the crucial details.. missing

[hydrofix]

All articles are missing the crucial details; namely which cryptographic algorithms have been successfully cracked and under which parameters. Guardian writes:

The three organisations removed some specific facts but decided to publish the story because of the value of a public debate about government actions [...] .

Yet, the article does claim this:

"Project Bullrun deals with NSA's abilities to defeat the encryption used in specific network communication technologies. Bullrun involves multiple sources, all of which are extremely sensitive." The document reveals that the agency has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking.

But they also quote Snowden that:

"Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on," he said before warning that NSA can frequently find ways around it as a result of weak security on the computers at either end of the communication.

Maybe we still have some hope?

Re:Uh... okay

[cryptizard]

I don't know that it is necessarily true, but I wouldn't bet my life that they don't have a backdoor on at least one root CA. Remember, you don't need all of them, just one can do a lot of damage.

Re:SSH?

[lgw]

I'd wager that the fundamental flaw in HTTPS is that the government has the private keys direct from the CAs. The protocol is flawed in the key management (as most are).

Re:Uh... okay

[cryptizard]

No, no and no. It would take a SIGNIFICANT theoretical break on encryptions to bring them within the realm of brute force capability. Even 80 bits of security is considered well outside of the reach of existing machines, and AES has at least 128 bits. Remember, every bit doubles the amount of time it takes to brute force. It would take all the computers in the world billions of years to brute force one key.

Re:And the crucial details.. missing

[Laxori666]

Could they have just Man-in-the-Middle'd a whole ton of HTTPS connections? If they get certificates signed by the right authorities and have access to backbone routers, can't they just read HTTPS as if it were not even encrypted?

I call bullshit

[JoeyRox]

The NSA can crack 4096-bit PGP keys? I doubt it. Seems like FUD to dissuade people from even attempting to use encryption

Re:SSH?

[MightyMartian]

Yes, it goes without saying that the supreme weakness of key-based encryption is that you're only as secure as the security of the signing keys themselves.

The proper way to do it is to have your CAs sitting on a non-network connected computer sitting in a secure location, with as few individuals having access as possible. Obviously that's not 100%, as the NSA could still show up with a warrant, but you're going to know when you've been compromised, which is, really, the whole point behind proper key management.

Re:eveBot intercepts aliceCopter!

[the_B0fh]

Just don't use paypal to get funding...

Re:And the crucial details.. missing

[hydrofix]

Yes, but this could show up with tools like SSL Observatory, which has recorded millions of certificates from different web sites as seen by hundreds of thousands of Chrome and Firefox users globally. They would risk eventually exposing themselves, and the CAs who signed those bogus certificates for NSA would get nuked from all browsers, which is the absolute worst thing that can happen to a CA. If they use fake certs and MITM, it would have to be very elusive, and carry a calculated risk of exposure.

Re:More technical discussion

[stenvar]

but the US has proved to be an unethical steward of the internet. The UK is no better

Any nation would prove to be an unethical steward of the Internet: power tempts and corrupts, whether it's the power to control the Internet, the power to wage war and kill people, the power to mess with the economy, or the power to hand out "benefits" to people.

The only solution to any of these problems is to rely on decentralized mechanisms that can't be controlled and corrupted by central authorities, and to limit the power of governments as much as possible and to the absolute minimum.

Re:And the crucial details.. missing

[steelfood]

There are literally hundreds of places to attack encrypted communications. The encryption algorithm itself is just one component in a chain that must be and remain secure. The NSA only needs to compromise one part of that chain to compromise the entire system.

It can be a mathematical breakthrough. It can be an implementation flaw. It can be an implementation flaw of any related--however loosely--system. It can be an embedded individual on one end. It can be a specific external device. It can be a component--however marginal--of a device. It can be a (secret) court order. It can be a xkcd-style baseball bat to the knee to one or both parties. It can be negotiated with one or both parties.

The founders knew this. They understood that an individual with limited resources had no chance against the government who would have relatively unlimited resources (the government's resources is the country itself, so it really is Person vs. United States), and the only way to prevent, stop, or avoid such a scenario is for the government to check and balance itself. Those checks and balances have (mostly) failed. We as individuals have no recourse.

There's always hope, but you'd be deluding yourself if you think there's any chance.

Re:SSH?

[bloodhawk]

Why would anyone ever exchange private Keys???? The system does not work that way.

Re:SSH?

[Score Whore]

A) The NSA probably directly runs half of the CAs and thus own the root keys that come configured in your browser.
B) Absent some fancy crypto skills, having the CA root key only allows them to MITM connections. Doesn't help with decrypting a captured stream.

Re: SSH?

[MightyMartian]

To fully secure our VPN, I've now built a CA on a non-Internet connected machine which sits behind lock and key. I use it to create SSL certificates for our VPN routers. I'm not building these Certs for Joe Average to connect to my servers, I'm building them so I can be sure that communications between my VPN endpoints is secure, and by securing the CA I can be certain that the likelihood of anyone, including the NSA, can break into my VPN tunnels with any kind of non-local exploit is low to nil.

Re:Works for me

[kilfarsnar]

So do you want the NSA to break Syria's encryption about their chemical weapons attacks?

Or do you prefer we not know that the Syrian government uses chemical weapons to kill civilian populations, affecting public policy?

Which social contract would you prefer government to break? the "Government shouldn't know private activities of foreign governments" or "Government shouldn't allow foreign governments to kill civilians"?

If your privacy is important, then you think that means your government shouldn't monitor foreign communications, correct? And that means you think it's ok for foreign governments to kill civilians as they please? And if you think foreign governments should be allowed to kill civilians, then I guess you don't donate to charity either? Why would you want to help other people, after all?

You can pick either charity or privacy, but you can't have both. Sorry. That's because bad guys have power, and you need more power to overcome those bad guys for the purposes of charity.

So charity or privacy? What's it going to be?

Won't somebody please think of the civilians!

All else aside, if you think the NSA breaks codes in order to prevent civilian casualties, or for "charity", you have another thing coming. They do it to provide intelligence to the US government to facilitate furthering its national interest, in whatever form that may take. And if you think civilian casualties or chemical weapons are the actual reason we are considering whether or not to attack Syria, you have yet another thing coming.

Re:Works for me

[aaaaaaargh!]

"Government shouldn't allow foreign governments to kill civilians"?

Incidentally, that policy also applies to the Syrian government versus the US. Cos', you know, the US is a foreign government and airstrikes would surely also kill civilians.

Also, your entire post is a false dichotomy.

Where random number gen "flaws" come from.

[Animats]

There are a surprisingly large number of public key generators with weak random number generators:

• "Debian OpenSSL Package Random Number Generator Weakness" [securityfocus.com]
• "Flaw Found in an Online Encryption Method" [nytimes.com]
• "NetBSD Intel Hardware Random Number Generator (RNG) Failure Encryption Weakness " [osvdb.org]
• "PasswordSafe 3.0 weak random number generator allows key recovery attack" [seclists.org]

And those are the ones we know about.

For open source systems, the person or persons who inserted the weak code should be identified and kicked off the project. It may just be incompetence, but that's a good reason to keep them out of security-critical areas.

Weak keys don't just let the NSA in. They let the People's Liberation Army of China in, too.

Re:SSH?

[mspohr]

The article states that they are working with commercial software vendors to insert back doors, vulnerabilities, etc. into their software. This is much easier than trying to break RSA or AES by brute force.
I think we have to assume that all commercial software has been compromised and is vulnerable.
Only trust open source software where the code has been audited carefully.

Re: SSH?

[vux984]

This case self signed certs would be safer.

Self signed certs have always been safer when used properly.

In a closed controlled enterprise environment self-signed certs are fine, and reasonably easy to do well.

Using them properly on the public internet however is pretty much impossible. Keys with a chain of trust to a 3rd party certificate authority (e.g. verisign, comodo, et al) are exactly that ... chains of trust. Can I trust that verisign hasn't be compromised by your average hacker? Probably, for the most part yes. Can I trust that verisign hasn't rolled over and opened its legs for the NSA? No. I can't.

But having the average https site switch over to self-signed certs to avoid using NSA-compromised-verisign isn't a solution as I have no convenient way to verify when i enter their web address that I haven't been presented with a MITM site (hosted by a hacker... or even by the NSA which is the whole reason we dumped Verisign certs for self-signed in the first place...)

Re:perspective

[JanneM]

That's like saying almost all sex they've ever had was consensual and legal, so we really shouldn't blame them for the few cases of rape they committed.

Re:Works for me

[xevioso]

I do. I do give a fuck about people who nerve gas to kill civilians in large amounts. If you don't, you are a sociopath.

Re: Works for me

[tolkienfan]

How did the NSAs ability to decrypt most of the encrypted communications of the world prevent Syria's chemical attack on its own people?
Or even help after the fact, for that matter?
How is helping Syria's people even part of the NSAs charter?

Re:SSH?

[gutnor]

Certificate authorities never see private keys

Theoretically, in practice average Joe buy their certificate and private keys from a third party. And obviously if you use any type of hosted environment, you must provide the private key.

Even big companies do not run their own datacenter nowadays, hell even Banks do not run everything onsite so I wouldn't be surprise me if the NSA did not already have the majority of the SSL private keys.

Re:Uh... okay

[epine]

It's kind of like the "eye of sauron" thing. They may not be omnipotent and able to target everyone at once, but once their eye turns your way there's little you can do about it short of jumping into a volcano.

Did you sleep through the end of the movie? You can't watch everybody all of the time. It ends up becoming a resources issue, and the NSA has finite resources after all (despite spending their secret funds at 100x typical levels of government efficiency).

A central prong in this campaign is to discourage the vast majority of people from even trying to make their communications secure so that they do have enough resources to watch everyone who poses any threat at any level pretty much all the time.

Deniability has been improved

[jacobsm]

Now that we know the NSA can intercept and decrypt any message, doesn't it also mean that they can change the message to whatever they want, re-encrypt it, and pull it out in a court of law as evidence?

If they do, or even if they don't, I can now say they did, and they can't prove they didn't.

Re:Works for me

[Dishevel]

How about the NSA do its fucking job.

Spy on foreign governments and foreign citizens. They need to stay the fuck away from Citizens of the United States of America. Spying on Americans is what other governments are for.

The NSA is operating far outside of its charter. Put them straight.

Re:Works for me

[mendax]

Actually, you will get neither if the NSA is able to read all encrypted communication. Simply put, if the government has the ability to penetrate all encrypted communications, there will be no privacy. If there is no privacy the government will eventually degenerate to a tyranny. Given a choice between a tyranny and dead Syrians, I choose the dead Syrians. I don't like the idea of people being killed by their government but I'd rather have the Syrian government killing Syrians than the American government killing Americans, something which will eventually happen if we lose our civil rights.

Don't doubt for a minute that there are forces in the government that are working toward that. They're mostly not evil people and most don't really understand what the ramifications of what they are doing, but history does repeat itself and there is plenty of history that demonstrates what happens when a government can do whatever it wants. Orwell's "1984" is fiction, not history, but it is based upon history and basic psychology. If we want to retain our civil rights, we need to fight and struggle for them, both in the courts and in civil disobedience if necessary.

Stallman warned...

[fredprado]

Richard Stallman warned us about this decades ago. It is incredible how people are still able to dismiss his warnings as more and more of his predictions come into reality.

Re:THIS...

[mspohr]

This has nothing to do with liberal or conservative and everything to do with the power of government.
From Bruce Schneier:
Dismantling the surveillance state won't be easy. Has any country that engaged in mass surveillance of its own citizens voluntarily given up that capability? Has any mass surveillance country avoided becoming totalitarian? Whatever happens, we're going to be breaking new ground.
http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying [theguardian.com]

Re:More technical discussion

[stenvar]

(1) We need to adopt technologies that are secure no matter what the government wants.

(2) We need to reduce and devolve the power of government in general in all areas: defense, federal police, welfare, health care, monetary policy, economic policy, etc. And that needs to happen in both the US and Europe.

Re:SSH?

[Frobnicator]

I'm more inclined to trust Bruce Schneier who says "I trust the mathematics," than the authors of this sensationalist NYTimes article

I trust the math, even though I don't understand it.

I don't necessarily trust the people who coded the math into a program.

I don't necessarily trust the computer that is running the program.

Re:Works for me

[mirix]

Yeah, 'accidental' civilian deaths, or deaths from 'necessary collateral damage' are so very noble and just.

In Serbia the US/NATO 'accidentally' bombed a farmers market, two hospitals, the Chinese embassy, civilian radio/TV stations, bridges on the wrong side of the country with civilians on them, etc. Also random factories that weren't military-related industry (eg. tobacco) - Interestingly the tobacco factory got bought by Phillip Morris a couple years later...

Chemical weapons are abhorrent, absolutely. But unless use is widespread, picking winners and causing more death and destruction isn't ideal, neither.

Re:Works for me

[Anonymous Coward]

> I'd like us to continue treating encryption as weapons and regulate its export accordingly.

Except that:
- encryption is not a weapon so treating it as such makes no sense.
- the rest of the world is able to invent encryption algorithms too. While creating good encryption requires very specialized knowledge and skill, these things are not exclusive to the US.
- strong encryption is a requirement for electronic commerce, when the rest of the world does not have access to encryption this hurts the US financially.

Re:Works for me

[Zak3056]

Perhaps we shouldn't have provided the Syrians with the precursor chemicals to make weapons in the first place.

Your position is laughable. You have the precursor chemicals to make weapons under your kitchen sink. It's basically impossible to have any kind of modern industrial base without them.

People like you are why I can't buy fucking cold medicine anymore.

Re: SSH?

[mspohr]

With closed source, you don't know if it's secure and you can't verify that it's secure and now we have these NSA documents which state that they have already compromised the most popular commercial security software and they are working on compromising the rest of it.
With open source, you don't have a guarantee that it's secure but you do have lots of knowledgeable people looking at the code (especially now) and you yourself can audit the code. It has a much higher chance of being secure.
You're right, "a security solution with a destroyed reputation is no solution at all"... and the NSA just destroyed the reputation of all commercial security software.

Re:SSH?

[Marillion]

My suspicion is that they can monitor the AES key negotiation during SSL handshake. I've heard enough experts say they still trust AES. But if you as a government agency can compel a company to disclose their private RSA/DSA key then snooping SSL is easy. SSL uses the RSA/DSA public to encrypt the session symmetric encryption key. If you know the RSA/DSA private key, then you can easily decrypt that session key and then snoop the communication.

Re:Works for me

[marcosdumay]

You can't do much with the knowledge that a government wants you dead.

But a government can do a lot with the knowledge that you want it replaced.

Re: SSH?

[skids]

That is assuming the NSA doesn't send developers into OSS environments to insert cleverly obfuscated and plausibly deniable vulnerabilities. OSS is spread pretty thin in many areas. Some products you would think would have a team of tens of developers have more like 4, and there is a good probability there will be a deficiency in either expertise or time.

Do the numbers

[Anonymous Coward]

the NSA has done over a 100,000,000 million legal searches.

That means there is a court order for each of the searches. Assuming that every of the 300 million inhabitants of the U.S. is a certified judge, that still means that every of those judges is responsible for about 330000 court orders. Assuming that it takes about half an hour to evaluate and fill such an order and that an average month has about 165 working hours, it means that the average U.S. citizen has spent about 1000 months or 80 years of signing court orders for legal searches so far.

Of course assuming that all of those searches were legal.

Sounds legit to me.

Re:Works for me

[DocHoncho]

So because there are scary bad men out there the government should be able to do whatever the fuck it wants to be able to catch them? Even if that includes massively violating the privacy of every citizen (never know who's a scary bad man!!) in the country? Even if it includes building a massive database filled with who the fuck knows what that never, ever, gets erased? You know how they say the internet forgets nothing? This is even worse, since random fruit loops on the internet don't have access to your phone records, your banking records, your phone calls, your location and every niggling little detail of your entire life! If you think it's bad that /b/ can access something stupid you said on your blog and troll you even if you delete it, just wait until some scary bad men, I mean trusted public servants, get ahold of all that juicy personal information that those stalwart do-gooders of the NSA put together for them, they'll have a field day! Accidently piss off some bureaucrat at the DMV? He'll just call his cousin at the Ministry of Love and they'll whip up some charges doubleplusquick then off to the Re-education centers (actually, that's too expensive, off to the work camps, more than likely).

If you really think it's just "metadata" you're deluded. All this stuff that's coming out used to sound like the fever dreams of the loony fringe, and god damn does it suck having to listen to them smugly say "We told you so."

The real concern

[Taco Cowboy]

While you guys are cracking jokes on ROT13, a letter to NYT ( http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?_r=0 [nytimes.com] ) caught my attention

- - - B Missouri Reader
        Missouri

On the one hand, âoeIn the future, superpowers will be made or broken based on the strength of their cryptanalytic programs,â but on the other hand the liberties of Americans are at risk by such programs.

In other words, we face a situation where the strongest, most secure nation can no longer be a nation that guarantees the rights of its citizens.

Privacy is not simply a convenience, but it is intimately linked to free speech and to the future prospects for democracy in America. Key elements of the Constitution provide a framework where incumbents can be challenged in free elections, ensuring that better ideas and better leaders will become available to guide the nation. But nobody can win an election against an incumbent with unlimited access to the communications of its rivals. We're not there yet, but the trend is in that direction.

It is high time that members of both parties in Congress get off of their high horses and address this growing threat to our democracy. Technical and legal hurdles must be cleared, and it may even be necessary to make significant changes in the way the internet works. But time passes very quickly in the technology world, and the clock has already been ticking for quite a long time."